Slashdot Mirror

← Back to Stories (view on slashdot.org)

European Court Rules Companies Must Tell Employees of Email Checks (reuters.com)

Posted by msmash on from the steering-clear dept.

Companies must tell employees in advance if their work email accounts are being monitored and such checks must not unduly infringe workers' privacy, the European Court of Human Rights ruled on Tuesday. From a report: In a judgment in the case of a man fired 10 years ago for using a work messaging account to communicate with his family, the judges found that Romanian courts failed to protect Bogdan Barbulescu's private correspondence because his employer had not given him prior notice it was monitoring his communications. Email privacy has become a hotly contested issue as more people use work addresses for personal correspondence even as employers demand the right to monitor email and computer usage to ensure staff use work email appropriately. Courts in general have sided with employers on this issue.

103 comments

  1. I work in IT by Martin+S. · · Score: 3, Insightful

    So I'm going to assume they can and will read anything I do at work and act accordingly.

    1. Re:I work in IT by stealth_finger · · Score: 2

      So I'm going to assume they can and will read anything I do at work and act accordingly.

      Yeah, shouldn't that be the base assumption? Even if it's not actively being monitored or has ever been it has the potential to be and can at least be checked up on.

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    2. Re:I work in IT by dindi · · Score: 3, Informative

      +1 ...

      And why on Earth would someone conduct private business on a company email account.

      Now if they sniff my private mails going to my phone through an external provider, or my home email, that would be a different story.

      But again, I wouldn't use the company's wifi to even receive private mail or access private stuff. For that, you have your data plan.

      And yes, a company computer, a company connection and a company account DOES BELONG to the company, thus should and will be monitored by the company.

    3. Re:I work in IT by TechyImmigrant · · Score: 1

      >And why on Earth would someone conduct private business on a company email account.

      Because you're working late and you need to tell your wife that you're going to be late home, and your employer isn't a douche so is fine with you sending personal emails and has said so.

      Not every employer has a scorched earth policy regarding these things.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    4. Re:I work in IT by networkBoy · · Score: 1

      My company has a "guest" WiFi and a company WiFi. I *assume* both are monitored, and I *assume* that I have no privacy on either.
      In the case of the guest WiFi I view it no different than the WiFi at a starbucks. I'll use it, but only through a VPN using a pre-shared key and strong encryption. My company WiFi I won't use at all, other than to connect with my company provided computer.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    5. Re:I work in IT by kwerle · · Score: 2

      And why on Earth would someone conduct private business on a company email account.

      Have you ever met people? They're idiots.

    6. Re: I work in IT by F.Ultra · · Score: 1

      I use the company phone for all my private calls (it's the only phone I have since I don't need another). I also use the company network and computer for oersonal usage (i.e posting here), I have a company computer at home and my Internet connection at home is owned by the company. Works well for me, don't understand why it's seen as so obsene by foremost US citizens.

    7. Re:I work in IT by AmiMoJo · · Score: 2

      From TFA:

      The company had presented him with printouts of his private messages to his brother and fiancée on Yahoo Messenger as evidence of his breach of a company ban on such personal use.

      Barbulescu had previously told his employer in writing that he had only used the service for professional purposes.

      So it's not even email, just Yahoo chat. The issue here is not that he lied about using the service for work only, he could still be fired for that, it's that in the EU an employer can't simply read everything on its network because the users of that network have some small expectation of privacy.

      Don't misunderstand this. Network monitoring for detection of intrusion, scanning emails for viruses and spam, that sort of thing is still fine. Even reading employee emails when there is some good reason to is okay in the right circumstances. What isn't okay is the boss being able to read anything an employee writes in a random chat message to their family. Seeing that they are chatting to their family is fine, and the additional invasion of privacy isn't necessary to sanction them for it.

      It's really quite a narrow ruling, but an important one. It reinforces the idea that privacy is a basic human right in the EU and that there must be good reason for violating it. Consider that just because the employer owns a laptop that it gives to you, that doesn't give it the right to remotely turn the web cam and microphone on whenever it likes, e.g. in your home, or even in the office where most people would be upset if you set up a CCTV camera on top of their monitor.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:I work in IT by clovis · · Score: 1

      +1 ...

      And why on Earth would someone conduct private business on a company email account.

      Some companies are blocking the common webmail providers.
      It's done for IP security (makes it a little more difficult to send out company confidential information), and also to block the main portal for entry of malware.
      If a person feels they must absolutely must communicate with family/friends/commie spys/etc, they can use the phone.
      Also, there's always dingbats that get confused and will use both the company email and google, yahoo, etc for business mail which leads to all kinds of problems.

    9. Re: I work in IT by Anonymous Coward · · Score: 0

      I use the company phone for all my private calls (it's the only phone I have since I don't need another). I also use the company network and computer for oersonal usage (i.e posting here), I have a company computer at home and my Internet connection at home is owned by the company.

      Works well for me, don't understand why it's seen as so obsene by foremost US citizens.

      Wild guess, you would be from Finland, like I am? I have exactly the same setup as you just described.

      In Finland there is quite clear and strict law forbidding employers to monitor the content of the communications. However, they can do automated monitoring on METADATA (i.e. filtering of traffic based on origin) to limit unreasonable usage of the company network.

    10. Re:I work in IT by Anonymous Coward · · Score: 0

      So I'm going to assume they can and will read anything I do at work and act accordingly.

      What does that have to do with you working in IT?

      And why did you start the sentence with 'so'?

    11. Re:I work in IT by Anonymous Coward · · Score: 0

      Also any company with offices in Germany is used to much stricter rules.
      Examples:
      - expectation of privacy applies even if employer forbids private use. The only way for it to not apply is to forbid AND actively prevent private use
      - if there is a concrete reason the employer generally still has to get permission from the company's Betriebsrat (worker's council?) for any monitoring

      So these rules are not generally new in Europe like the article suggests (been there since almost forever in some countries), what is new is that it applies to all EU countries even if they have no specific laws on it.

    12. Re:I work in IT by GNious · · Score: 1

      Good luck controlling what is sent to you

    13. Re:I work in IT by Anonymous Coward · · Score: 0

      > If a person feels they must absolutely must communicate with family/friends/commie spys/etc, they can use the phone.

      That is bad advice. As that might actually directly cost your employer money, the risk of (legally) being fired for that is much higher than the risk when using company email...

    14. Re:I work in IT by AmiMoJo · · Score: 1

      It's actually in the company's interest to allow work computers to be used for private stuff.

      My boss has my private email address. Once or twice I've answered questions while on holiday. Very often something I ready during lunch break for my own private amusement turned out to be very helpful for the job. All that would go away if they suddenly got strict about computer use, although I'd probably jump ship anyway in short order.

      A little trust goes a long way.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    15. Re:I work in IT by Carewolf · · Score: 2

      So I'm going to assume they can and will read anything I do at work and act accordingly.

      Yeah, shouldn't that be the base assumption? Even if it's not actively being monitored or has ever been it has the potential to be and can at least be checked up on.

      No, it shouldnt. And in Europe a reasonable expectation of privacy is a codified right.

    16. Re: I work in IT by Anonymous Coward · · Score: 0

      Work email accounts belong to the company, end of story. To assume otherwise is delusional.

    17. Re:I work in IT by Actually,+I+do+RTFA · · Score: 1

      And yes, a company computer, a company connection and a company account DOES BELONG to the company, thus should and will be monitored by the company.

      The company's toilet, the plumbing connection, and the water flowing through it all "DO BELONG" to the company as well.

      --
      Your ad here. Ask me how!
    18. Re: I work in IT by Cederic · · Score: 2

      Well, no, not end of story at all. The story includes regulatory compliance, which covers things like protecting consumer data, fiduciary responsibility, obligations against modern slavery and various audit controls.

      Failing to monitor work email accounts is in some situations actually illegal.

    19. Re:I work in IT by Cederic · · Score: 1

      Most people in the UK (and I'd guess the rest of the EU) have a personal telephone with them even when at work, so it's very possible to contact people through telephony without using any company equipment at all.

      Although of course, most phones these days allow use of private email too, so it's odd to suggest ringing people you want to email..

    20. Re: I work in IT by Teun · · Score: 2

      No it's most certainly not end of story.

      As Carewolf writes in the EU (that includes Romania) there is the codified Expectation of Privacy.
      Virtually all companies that use a law office for their contracts will have their employees sign a paper that they understand the company supplied mail and Internet access can be monitored.
      Such a contract would include that you can to an extend use it for private conversations, abuse will not be accepted.

      Another way to look at it is when the mail address includes my name it can hardly be claimed it is 100% company property, or do you want to say my hotmail.com address belongs to Microsoft making them responsible for what I write?

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    21. Re: I work in IT by Anonymous Coward · · Score: 0

      Your gmail account belongs to Google, end of story.
      Your Azure cloud account belongs to Microsoft, end of story.
      Or maybe it's not that simple? Though admittedly it is a good aspect to consider that ultimately they have control in all these cases before carelessly giving data to them.
      It doesn't mean they can legally do whatever they want.

    22. Re:I work in IT by Anonymous Coward · · Score: 0

      Ah, that interpretation makes more sense. But then the point is to not use company equipment, not to use a phone.
      Though I guess this case is one of where the courts are a decade after the technological advancement, nowadays people would have their messenger running on their personal phone anyway.

    23. Re: I work in IT by Carewolf · · Score: 1

      Work email accounts belong to the company, end of story. To assume otherwise is delusional.

      Nope. Not anywhere in the EU.

    24. Re: I work in IT by Carewolf · · Score: 2

      No it's most certainly not end of story.

      As Carewolf writes in the EU (that includes Romania) there is the codified Expectation of Privacy.

      Virtually all companies that use a law office for their contracts will have their employees sign a paper that they understand the company supplied mail and Internet access can be monitored.

      The details might depend on the country, but in Germany such contract as only legal and valid if they are exceptions, that is if they only apply to a minority of employees for whom special consideration makes such a contract necessary. If forced on everybody it is not just not valid, it is outright illegal.

    25. Re: I work in IT by K.+S.+Kyosuke · · Score: 1

      Much like in case of having a desk with a lockable drawer at your office, it's quite practical to occasionally put something there that is not strictly work-related. And much like in case of having a lockable desk at your office, there's next-to-nil cost to the company for it, so nobody except for brain-damaged micro-managers is bothered.

      --
      Ezekiel 23:20
    26. Re:I work in IT by Anonymous Coward · · Score: 0

      Personally I assume that my employer is OK with me making a reasonable personal use of my work email, because they seem to assume that I am OK with checking emails and receiving phone calls from the boss during my own time. If either one were to become excessive, it would be a problem, but at a certain low level, I'm prepared to accept it as long as my employer can be sensible and accept a few personal emails each week.

    27. Re: I work in IT by Anonymous Coward · · Score: 0

      if you have nothing to hide, you have nothing to fear.

      But then again, what happens when your company leadership changes and thus the company culture changes. The culture changes to something that doesnt agree with your personal life (like your absolute love of orange socks for example) but now because all of your computing power is owned by the company they now know about everything you doing (with those orange socks). .

      Oh and its seen as obscene by European citizens foremost, US citizens are usually ok with their corporate overlords being privy to all of their personal details hence why europe has more stringent privacy protections for people. Take the orange socks i mentioned above, now change those out for anything that may be borderline acceptable by society at this point in time, or given that societal views change overtime then maybe its something that is ok now but not ok in the future (like orange socks)

    28. Re:I work in IT by Anonymous Coward · · Score: 0

      In the USA the laws are quite different between telephone and email monitoring
      Personal phone calls on company phones are protected from monitoring unless the employer has notified the employee of the monitoring. Email monitoring of corporate email accounts is allowed by default.
      In most states (not all) in the USA it is illegal to record phone calls unless every call has a message such as "this call is being recorded" and both parties consent.
      It is almost never legal for an employer to monitor or record phone calls made from a personal phone. This is because the non-employee at the other end has not given consent.

    29. Re:I work in IT by KingBenny · · Score: 1

      should and would ... i think the point is that they have to officially notify / warn you that they're doing it before they're doing it, i dont think the right of the employer to monitor his own lines is on the table here, but the duty to inform their employers if and when they do before they do it.
      i agree its their hardware and their lines, just like they get the right to hire and fire whoever they want for whatever reason, no matter how idiotic
      i mean its all nice to be pc about it, but if your employer doesnt like you i dont really see the point in forcing him to keep you since your life will be hell , but im drifting off topic again (one of my superpowers ... dispersion and diffusion)
      so ... yes, i think its all about the employers duty to inform up front, not about his or her right to keept taps (tabs?) on their own lines or not .. so if you don't like it then you can tell him or her to phrack off and look for another place, and if you don't mind you can just accept the job
      pc-europe ... selling the privacy of its citizens, big brothering to the point where any kind of non pc speech can actually get your house raided but when it comes to looking good protecting rights they're good, right, just a bit confusing and obfuscated and don't forget, in soviet europe, any law can be surpassed for raison d'état (yes i say that a lot but thats because it is, in what calls itself western democracy, something like the thing that shouldnt be hm hhmmm...)

      --
      Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
    30. Re: I work in IT by F.Ultra · · Score: 1

      Almost, Sweden.

  2. Don't do that with your work account by bluefoxlucid · · Score: 1

    Privacy is one thing, and most businesses--even Federal agencies--confer a limited personal use policy, allowing you to browse the 'net and do things with their equipment as long as you do your job. This was actually directly described on the MOTD at log-in at the Social Security Administration. There's a reasonable expectation of privacy; it's also their system, and what you do is subject to inspection.

    So yeah, they won't suck up your cookies, hack your gmail, and snoop your bank accounts; they will read your e-mail and inspect the files on your computer if they so choose.

    Maybe don't e-mail naked pictures of yourself using the corporate email account. It also really irritates your mail admin when the FBI shows up and requires access to search your company e-mail the morning after they pick you up for child pornography.

    --
    Support my political activism on Patreon.
    1. Re:Don't do that with your work account by Anonymous Coward · · Score: 0

      And that's the reason why this company lost: they didn't tell the employee about the monitoring. The verdict was that: monitoring is not allowed if you don't tell your employees.

    2. Re:Don't do that with your work account by Anonymous Coward · · Score: 0

      Remember that's a ten years old story, in 2007 people were more naive regarding their privacy.
      Not that they are competent now, but still...

    3. Re:Don't do that with your work account by __aaclcg7560 · · Score: 1

      If you mixed personal emails with your U.S. government emails, Congress can subpoena your personal email account. Something as innocent as a sending an email to inform your boss that you're running late for work can make your personal email account fair game to congressional investigators. Make sure that your personal email account is "clean" unless you want to read about your messy relationship emails in The Washington Post after being leaked by a congressional staffer.

    4. Re:Don't do that with your work account by networkBoy · · Score: 1

      I post to /. on my company machine.
      I don't connect to FB or my google account, however.

      Reasonable use doesn't mean private use ;)

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    5. Re:Don't do that with your work account by KiloByte · · Score: 2

      And that's the reason why this company lost: they didn't tell the employee about the monitoring.

      So there'll be a single line added in an obscure place to the pile of paper you're required to sign upon being hired, without even an opportunity to actually read what you're signing.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    6. Re:Don't do that with your work account by Anonymous Coward · · Score: 0

      If you mixed personal emails with your U.S. government emails, Congress can subpoena your personal email account.

      If you mix personal get-rich-quick schemes with your US government work day, you can be fired.

      Something as innocent as a sending an email to inform your boss that you're running late for work can make your personal email account fair game to congressional investigators.

      Something as innocent as shitposting on Slashdot to try and make a few pennies can make your employment fair game to managers.

      Make sure that your personal email account is "clean" unless you want to read about your messy relationship emails in The Washington Post after being leaked by a congressional staffer.

      Fortunately, your life is unremarkable and nobody would give a shit about you - a story about you would probably decrease sales of the Washington Post.

    7. Re:Don't do that with your work account by war4peace · · Score: 2

      No, because the EU laws don't allow for that douchebaggery to exist.
      I work in the EU and there are big signs at entry doors warning that the place is being monitored through CCTV,
      We have signed a separate document which details what exactly is being monitored, how and for how long, with a list of cases where monitoring would happen, etc.
      I do know that all files on my company-issued laptop are scanned and their file names (NOT the contents) are saved for later scrutiny if need be, but in order for that scrutiny to occur, there needs to be a good, legally-established reason.
      Files and their contents are backed into the cloud, but I get to choose which ones should be backed up, it's my responsibility to select them (and the privilege to not select the ones I don't want backed up).
      There is an expectation for reasonable use of company assets for personal reasons, with top 5% overall users of, say, mobile data being informed they are in top 5% and still not monitored in detail, only told "hey, during the last X months you've been using a lot of mobile data, please try to reduce usage".

      This helps employees be less paranoid and focus on work rather than avoiding employer scrutiny.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    8. Re:Don't do that with your work account by jabuzz · · Score: 1

      Correct. Though in exceptional circumstances you can still monitor the emails without telling the employee.

      This was a super narrow judgement, tell the employee that work email accounts will be monitored and you are in the free and clear. I would add that any sensible employer would already be telling their employees that anyway.

    9. Re:Don't do that with your work account by Anonymous Coward · · Score: 0

      There is already a book about Walter Mitty, although he didn't weigh almost 400 pounds, 250 of which are shit.

    10. Re:Don't do that with your work account by Anonymous Coward · · Score: 0

      Hello dear readers,

      I am Nancy Guerrero and I am the Director of Special Education for the Santa Clara County Office of Education. We use Chris' (a.k.a creimer) picture in our document because he is the hardest case we have ever had to handle:
      http://www.sccoe.org/depts/stu...

      Our artists were inspired by the low carb diet that Christopher follows scrupulously for the small lunch box and by the picture linked below for the rest. I am sure that you will notice the similarities such as the bump on the side of his chest and more:
      https://www.cdreimer.com/slash...

      Please be easy on Christopher although, I am aware that some of our staff handling Chris post joke comments here and obvoiusly, the Santa Clara County Office of Education disapprove that behavior vehemently:
      https://school.discoveryeducat...

      But it isn't Chris' fault if he is the way he is. We do the best we can do with him and he is partially integrated into society. We try to cure his abnormal need for attention but he is kind of stubborn and won't listen to anybody.

      Thank You dear users,
      -Nancy Guerrero

    11. Re:Don't do that with your work account by Anonymous Coward · · Score: 0

      Cock eggs, cock eggs, creimer is losing his karma! no more +1 Karma-Bonus Modifier ;-)

      It's about time!

      "I frequently read and comment on Slashdot, a techie news discussion website. Because of the quality of my posts and my article submissions, I’m a highly rated commentator and moderator. "

      right creimer, right, hehehe, see another dumb shitpost here for a good laugh:
      https://www.kickingthebitbucke...

       

    12. Re:Don't do that with your work account by Anonymous Coward · · Score: 0

      Notice he's gone silent today? I expect we'll see a week or so of karma whoring to try and recover his "excellent" karma so he can shitpost freely once again.

    13. Re:Don't do that with your work account by Teun · · Score: 1

      Yes but as an employer you will have to notify the works council of your planned monitoring including the reason why.
      As the chairman of our works council I've been in that situation, there was indication one of our lab managers was in the process of setting up a competing lab in his own name.
      He was released a day later, the proof was overwhelming, what a stupid idiot to use company mail for such a dirty trick.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  3. I would side with the employers also. by Anonymous Coward · · Score: 0

    If you're using company equipment, it is logical to assume it's being monitored. To believe otherwise would be quite naive. If you need to be told, you probably need a tag on your mattress that says: "Do not eat"

  4. Why would this matter ? by Thanatiel · · Score: 1

    Who would use the mail box of the office for something personal ?
    At our day and time, the smartphone is more than enough for the odd 3 lines messages for emergencies.
    If you need more, do it at home, not on your company's dime.

    --
    Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
    1. Re:Why would this matter ? by RobinH · · Score: 1

      If you're using your phone at work for personal use, you're doing it on your company's dime too, particularly if you're paid hourly.

      --
      "I have never let my schooling interfere with my education." - Mark Twain
    2. Re: Why would this matter ? by Anonymous Coward · · Score: 0

      Particularly if you're paid hourly? How so?

    3. Re:Why would this matter ? by Thanatiel · · Score: 1

      I specifically said "3 lines for emergencies" : life happens (or death, as the case may be).
      Taking more than a a minute is where I draw the line.

      But maybe you have a different perception of what construes an emergency.

      --
      Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
    4. Re:Why would this matter ? by networkBoy · · Score: 1

      That depends:
      Is it on a designated/designatable break? Then no, you're not on your company's dime.
      Are you an exempt employee and are you achieving what you were tasked to do? Then no, you're not on your company's dime.
      Are you hourly and not on break, or exempt and it's interfering with your ability to complete your task? Then *yes* it is on your company's dime.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    5. Re:Why would this matter ? by Anonymous Coward · · Score: 0

      particularly if you're paid hourly.

      I doubt a distinction unique to the US is very relevant to a case involving a Romanian employee.

  5. Email? It's about all electronic communication. by Anonymous Coward · · Score: 0

    The case at hand was about en employee using Yahoo messenger for private use, not email.
    The verdict is about electronic communication.

    So how come the headline is only about email?

  6. Workers usually on the receiving end of cane. by Anonymous Coward · · Score: 0

    If I remember correctly, there was a case where a single-parent worker was summarily fired for using an office workstation to write an instant message to his elementary school aged daughter, telling her that he's been ordered to work overtime and she shall arrange supper for herself. The court sided with the company...

    1. Re:Workers usually on the receiving end of cane. by Anonymous Coward · · Score: 0

      Crazy. Some third-world country? Or eastern Europe?

  7. Gonna be buried in legalese by Anonymous Coward · · Score: 0

    The "notice" will be added to the employment contract, somewhere on page 20 of the legalese essay: "we might monitor your email at any time".

  8. Pit it in writing ... by CaptainDork · · Score: 2, Insightful

    ... in a Technology Administrator Policy and designate an administrator.

    I'm retired now, and when I hired on at a law firm 20 years ago, I wrote that policy and amended it as things changed.

    I blocked shit like match.com, Facebook, Twitter, etc.

    I listed taboos like using business email for non-business purposes and I stated clearly that, at the direction of the partners, I would be monitoring emails, browser history, etc.

    For each and every new hire, I read the Policy to them in the kitchen area and invited them to ask question then, and at any other time during their employment.

    The last page had a place for two signatures/dates:

    - Theirs, acknowledging that they participated in the counseling

    - Mine, acknowledging same.

    I got a few calls regarding wrongful termination during the years and, in one matter, the fired employee said, "Well, everyone else was doing it."

    I told the work comp lady to add, "Line item 6.1.a, 'Report any violations or suspected violations of this policy to the Technology Administrator."

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Pit it in writing ... by Kjella · · Score: 4, Insightful

      I got a few calls regarding wrongful termination during the years and, in one matter, the fired employee said, "Well, everyone else was doing it."

      I told the work comp lady to add, "Line item 6.1.a, 'Report any violations or suspected violations of this policy to the Technology Administrator."

      So assuming he wasn't exaggerating you amended a policy nobody followed with another over-the-top rule for them to ignore, brilliant. I've read a few policies like that, in theory they're great. In practice nobody knows, because they're so anal the only real purpose they serve is as legal ammunition against troublesome employees. For example I read my organization's phone application guidelines, install any non-IT approved app and you take full legal liability for any damage it can cause. Meanwhile using it as your personal phone too is encouraged and 95%+ do exactly that, nobody bats an eye at installing anything. It's only there because if shit hits the fan they can throw you to the wolves and blame you for violating policy.

      --
      Live today, because you never know what tomorrow brings
    2. Re:Pit it in writing ... by AmiMoJo · · Score: 3, Insightful

      That sounds like a horrible, Orwellian place to work.

      Did you give employees laptops and phones for travel? Did they routinely turn them off to prevent you activating the camera/microphone and carry a second personal laptop?

      It really sounds like an awful way to live. I wouldn't work at such a place, I'd only go somewhere that doesn't routinely spy on me and largely doesn't care as long as I get stuff done. Even if I didn't care about privacy, I'd assume it was a sign that there were other serious problems with the management style and working environment.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Pit it in writing ... by CaptainDork · · Score: 2

      It's possible that you don't grok it.

      The longer version, that should be apparent, is that a violator got three strikes.

      Well, 4.

      As a coworker, I'd whisper in their ear that what they were doing was a violation and to stop.

      For each violation, I simply witnessed the reprimand given by a partner. That violation was written up, with proof attached; signed by the violator and me.

      That went into their folder.

      Third time was a charm.

      Example:

      Kara downloaded Picasa, a photo editing thing from Google. "Downloads are prohibited without prior permission from the Technology Administrator."

      She brought in her personal camera and uploaded pictures to her computer, then to Picasa. "Employees will not use personal technology at work and will not make changes to any of the Firm's technology without prior permission from the Technology Administrator."

      Management was suspicious of her and asked me to look at her activity on the firewall.

      She was on match.com (this was the trigger for the firewall block, per my recommendation) on a Friday from 2 pm to 5 pm.

      It was all documented, signed by her, and she was let go.

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:Pit it in writing ... by CaptainDork · · Score: 1

      It really sounds like you want to read the whole goddam Technology Administration Policy.

      For things that seem whack to you, fill in the fucking blanks with the common sense you would include.

      Recall that I counseled each new hire, personally, one-on-one.

      We're a LAW FIRM.

      Things have to be tight all around.

      --
      It little behooves the best of us to comment on the rest of us.
    5. Re:Pit it in writing ... by AmiMoJo · · Score: 1

      Sounds like an incredibly effective way to destroy productivity. All requests, even for trivial things, have to go through one person, or at least through the IT department.

      Maybe it's different at law firms, but as an engineer it would be impossible to do my job working that way.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Pit it in writing ... by Cederic · · Score: 1

      You can be tight without being a complete twat about it.

      I know law firms are full of people professionally trained to be utter cunts but that doesn't have to extend to the IT staff. I work for a company with severely more stringent information security requirements than a law firm and we do this scary thing called making it a great place to work.

      You should consider giving it a go some time.

    7. Re:Pit it in writing ... by CaptainDork · · Score: 1

      So, at work, you need Facebook, match.com, and you need to use your work email to forward photos you took with your digital camera?

      --
      It little behooves the best of us to comment on the rest of us.
    8. Re:Pit it in writing ... by Anonymous Coward · · Score: 0

      We're a LAW FIRM.

      A law firm where IT has instant access to any information passed between anyone, including client and attorney. Hope you also passed that little tidbit on to your clients.

      Things have to be tight all around.

      There is an old star wars quote that applies about grasping too tightly. Unless these private emails are harmfull to the company there is no reason to play darth vader.

    9. Re:Pit it in writing ... by CaptainDork · · Score: 1

      I let business run the IT department.

      My partners at the law firm called the shots and I made recommendations that protected the Firm.

      Not all were accepted.

      They got hit with ransomware shortly after I retired because one of the lawyers phished on "nude photos" of some celeb.

      I recommended a more expensive firewall with an aggressive approach to malware but they did their risk analysis and denied my request.

      They signed off on their rejection, so I was CYA.

      Last I heard they bought "ransomware insurance."

      I don't know how that works but it's their problem now.

      --
      It little behooves the best of us to comment on the rest of us.
    10. Re:Pit it in writing ... by thegarbz · · Score: 1

      the only real purpose they serve is as legal ammunition against troublesome employees

      Yes and? This appears to be entirely the point of the story. Tell the employees that you have a policy and you're good to go.

    11. Re:Pit it in writing ... by thegarbz · · Score: 1

      It really sounds like an awful way to live. I wouldn't work at such a place

      You could have just told us you were unemployed. No need to go about it in such a roundabout way.

      But seriously you are being watched. If you're not, let me know who your employer is because they have laughable IT security if that's the case.

    12. Re:Pit it in writing ... by Teun · · Score: 1

      I wonder how you got your nickname but I can guess...

      My ex is a lawyer and senior partner in a law firm, whatever they do on the company computers needs to be billed to the relevant client and software is installed to keep the timing.
      Yet they can disable this tracker when they take their break and mail and surf with their companies or own account.
      The actual lawyers in the company have a two-level mail address, their.name@lawfirm.com where all is monitored and their.name.direct@lawfirm.com that is unmonitored for reason of client-lawyer privilege.
      As an IT man you'd be fired and sued if you'd ever, without prior authorization, tried to access these direct accounts.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    13. Re:Pit it in writing ... by CaptainDork · · Score: 1

      You guessed wrong on the nickname.

      I know that you know that we each make up our own nickname and that the nickname is not, "given."

      I refer you to Dave Barry.

      Appreciate that it applies to you.

      regarding your post: You said what I said, except you exited too hard.

      Terminal events were set by my employer; not you.

      Individual employees are seldom liable for damages related to their work positions.

      --
      It little behooves the best of us to comment on the rest of us.
    14. Re:Pit it in writing ... by edtice1559 · · Score: 1

      I travel multiple times a week and, yes, I carry a second, personal laptop. There was a time when we were a smaller company and had more liberal policies. But even if I found myself in that situation again, I don't think I'd go back to carrying just one laptop. They just aren't that heavy and it's well worth it not to mix work and personal stuff. Or for short trips, just use your phone. There's really no reason to have work and personal stuff even on the same machine.

    15. Re:Pit it in writing ... by Anonymous Coward · · Score: 0

      You're underestimating yourself. You're not CaptainDork, you're MotherOfGodDork.

    16. Re:Pit it in writing ... by Kjella · · Score: 1

      No, I grok it just fine and I think we're perfectly in agreement on how this works.

      "Downloads are prohibited without prior permission from the Technology Administrator."

      Not just applications, but downloads in general? Am I in violation if I download a PDF?

      "Employees will not use personal technology at work (...)

      So if I check my personal cell phone while at work...

      and will not make changes to any of the Firm's technology without prior permission from the Technology Administrator."

      I can't even parse this, am I allowed to turn on/off my computer?

      She was on match.com (this was the trigger for the firewall block, per my recommendation) on a Friday from 2 pm to 5 pm.

      And you religiously enforce this for everyone who spent two minutes checking a non-work related item?

      It was all documented, signed by her, and she was let go.

      Which was my point.. it's not a policy you expect people to follow, it's a policy everyone violates so you can fire those you want to fire who have violated your *real* thresholds for unacceptable behavior.

      --
      Live today, because you never know what tomorrow brings
    17. Re:Pit it in writing ... by CaptainDork · · Score: 1

      Any chance at all that you actually support any of the Policy?

      It saved our ass for years.

      We used to simply include it in the hire package.

      We discovered that, like most things in that package, people were like, "OK, whatever. When's vacation, where's the bathroom and kitchen and stuff."

      And, it's not like we hired people just so we could fire them.

      Recall that I personally talked to each new hire.

      It was a friendly, sensible conversation that a few did not want to follow, opting for termination instead.

      --
      It little behooves the best of us to comment on the rest of us.
    18. Re:Pit it in writing ... by tlhIngan · · Score: 1

      So, at work, you need Facebook, match.com, and you need to use your work email to forward photos you took with your digital camera?

      Don't need facebook or match.com, though I wouldn't be surprised if someone needed to do their job (social media and the like).

      But digital camera to computer? Yes. Because you wouldn't believe how many support cases are simplified if the client simply takes a photo of the problem. Or in our case, we often photograph circuit boards and point out certain things. Like serial numbers (some people get confused so a photo pointing out where to look for the label solves the problem in 10 seconds versus a day of back and forth emails). Or maybe they blew something up - a photo of the exploded part works wonders.

      I've also seen it the other way - a company was so paranoid about IP, they installed spyware on everyone's PC. Yes, they even emphasized it - from the VP who was let go because he played a movie on his work laptop (let's say not entirely legally obtained), to where there were dire warnings to never copy source code files (.c, .cpp, .h, etc) to a USB drive. If you need files on USB stick for testing, use PDFs and the like.

      I got lucky - I didn't really work for them - I was contracted to them so I had my company's laptop with me over VPN to which I did my "normal" stuff and the company's PC which I did all the work with. Things sucked even worse when they decided that instead of having a generate gateway at that office in Canada, they would be directing all office traffic to headquarters in California, so were upgrading the links. It added some delay to the VPN that was noticable. They also blocked everything other than 80, 443 and some other ports (I had an SSL VPN which meant everything I did worked over 443). About 6 months before the end of my contract there they created a guest WiFi.

      Oh yeah, the spyware caused lots of issues. We just ended up blaming slowdowns and stalls on it - but hey, I guess they were used to such inefficiency if it takes twice as long to compile.

    19. Re:Pit it in writing ... by CaptainDork · · Score: 1

      Did you even read the fucking part about "personal photos," and "Picasa?"

      You're trolling.

      I get that.

      Bye.

      --
      It little behooves the best of us to comment on the rest of us.
  9. Invitation To Theft by forkfail · · Score: 2, Insightful

    As soon as it becomes impossible for an organization to maintain complete control of the communications on it's own networks, connections to other networks, and data transfers to and from those external networks, you have given carte blance to those who would steal company secrets, data, and technology.

    This is insane. Folks have cell phones that they don't have to put on corporate/company networks. Use that for personal.

    --
    Check your premises.
    1. Re:Invitation To Theft by networkBoy · · Score: 1

      Devil's advocate:
      Cell phones are not allowed as they can be used to exfiltrate data.

      Now of course in an environment that strict I would generally presume two things:
      1) In the controlled environment there is a *hard* firewall with default deny to protect the systems.
      2) There are other systems (possibly in a different physical location) that can access the internet at large and are available on break times.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    2. Re:Invitation To Theft by Anonymous Coward · · Score: 0

      Why is this marked as insightful? If you as an employer have so little trust in your employees that you need complete control of the communications to stop stealing of company secrets, data and technology then a) you're going to fail to stop those leaks because there's too many other ways to get the data out and b) you're going to fail as a company because any employee worth their salt will go to a company that trusts them.

    3. Re:Invitation To Theft by Anonymous Coward · · Score: 1

      Why is this marked as insightful? If you as an employer have so little trust in your employees that you need complete control of the communications to stop stealing of company secrets, data and technology then a) you're going to fail to stop those leaks because there's too many other ways to get the data out and b) you're going to fail as a company because any employee worth their salt will go to a company that trusts them.

      Are you even 14 years old? 16? "Why don't you trust me" is a cry from misbehaving teenagers.
      No. You can't trust everyone. It's a fact.
      And it not so much evil people that you're trying to protect yourself from, it's stupid people.

    4. Re:Invitation To Theft by AmiMoJo · · Score: 1

      If an organization is reliant on having complete control of its network for security then it's fucked anyway. Real security has layers. If your security can't survive one phishing email that uses some zero day exploit, or someone connecting an infected laptop to the wifi (e.g. when they get back from a trip), if you ban any equipment you can't totally control... You are both reducing productivity (which IT is supposed to enable) and failing to secure the company systems.

      Anyway, in this case the guy was just using Yahoo Messenger to talk to his family, as well as clients. It's going to be quite hard to block his family but still allow clients to talk to him that way. And the specific issue was not that he was found out, it's that they captured a load of his private communications in the process. Firing him was fine, they just didn't need to invade his privacy further to do it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Invitation To Theft by Anonymous Coward · · Score: 0

      Folks have cell phones that they don't have to put on corporate/company networks. Use that for personal.

      You talk about people stealing company secrets, then talks about personal cell phones. Guess what the first item to be banned in a security critical context is? Most of my customers let me drop of my cell phone at the reception, only the companies phones are allowed.

      Note that a major point in this case was the company not notifying its workers that they would be monitored at all. So this isn't complete insanity.

      Every company that actually cares about secrecy instead of harassing its workers has the following:

      * complete ban of cell phones with or without a camera, microphones also act as secret listening devices
      * complete ban of binary attachments on emails
      * fully automated keyword scan on emails, any flagged email is reviewed for an actual breach
      * same for website access

      Points three and four are done by a restricted group of employees that have to keep within the privacy laws and nobody in HR or Management will ever see the contents of those emails unless there is a clear and relevant violation present. So no confronting the employee with his family correspondence unless it contained some top secret company information. The privacy laws are in effect similar to doctor/patient or client/attorney privilege, there is someone who has access to the data and they are only allowed to use that access for a narrow purpose specified by law.

    6. Re:Invitation To Theft by Cederic · · Score: 1

      there's too many other ways to get the data out

      You'd be surprised how fucking hard it can get though, after even the most basic of security constraints are put in place.

      I have access to offices in multiple countries globally and I still can't get into a specific part of one of our local offices, because the team in there have deep access to very sensitive data.

      That team are not trusted with that access. They're monitored, audited, logged and educated. They're vetted when they're hired, and know that they aren't trusted.

      They don't leave because they respect the need for these measures, they understand the damage that an information leak could cause and they appreciate the protection these processes gives to them - they wont get prosecuted or imprisoned for leaking data because there's some serious evidence to demonstrate that they didn't and couldn't.

      Of course, no information is 100% secure and still accessible, so they pootentially _could_ leak data, but it'd need to be a seriously thought through and targeted attack, and even then there's a very strong likelihood of detection and subsequent action. Which would indeed include criminal prosecution.

      It would also need an understanding of the defences in depth around that information, which is one of the things we don't trust that team with. The data is sensitive, but I'm not sure it's worth embedding a full team of people across different roles in the organisation to access - anybody with those resources tends to have more direct mechanisms, such as sending in the police with a court order.

    7. Re:Invitation To Theft by Teun · · Score: 1

      Spot on!

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  10. Sing this!!! by Anonymous Coward · · Score: 0

    Phenominal

    Pa-Hee-Ha-Heenus

    Phenominal

    Pa-Hee-Hee-Nus

    Phenominal

    Pa-Hee-Ha-Heenus-Ha-Heenus-Ha-Heenus-Ha-Heenus-Ennus
    Pa-Hah-He-He-Nus!

  11. No need to use work email due to Smartphones by StandardCell · · Score: 1

    The ruling aside, there's no better way to avoid workplace communication monitoring than to use a smartphone with mobile data network connection. Most plans have more than enough data to give you everything you need while you're at work. It's pointless and counterproductive on so many levels to log into anything personal on work machine.

  12. Going to assume by drewsup · · Score: 1

    That this was more than a couple emails to family when working late hours, it was 10 years ago, so ya Blackberry's were out, Iphone just getting started, if it was just a quick email saying hi to brother across the country I would be tempted to have some sympathy for the guy, but appears to be flagrant abuse.

    1. Re:Going to assume by Anonymous Coward · · Score: 0

      Nokia smartphones dominated the market at the time...

  13. 2017: Using work email for personal business by Rick+Schumann · · Score: 1

    Why would you even do that? Not smart.

  14. Harder to create jobs? by galabar · · Score: 1

    As a company, or someone wishing to start one, has to deal with more and more regulation, when do they just shrug?

  15. Grey area: ruling makes sense by Roger+W+Moore · · Score: 2

    Yeah, shouldn't that be the base assumption?

    No. It might be the cautious assumption but that does not mean that someone who expects some level of privacy has unreasonable expectations. There are many different levels of private email correspondence. For example, if I email my wife to let her know that I will be home late because of work I would not expect my employer to fire me for personal use of work email. However, if you tried to run a small business of eBay selling things through your work email then yes I would expect any employer would likely fire you for that!

    This means that there is a certain grey area between what an employer wants to let you do and what a reasonable person might assume that they can do. Hence this ruling seems to make a lot of sense: employers can do what they want with an employee's email account, they just have to say exactly what they will do and what they will allow beforehand. This way everyone's different assumptions about what is ok do not matter because the rules are spelled out.

    1. Re:Grey area: ruling makes sense by Cederic · · Score: 1

      if I email my wife to let her know that I will be home late because of work I would not expect my employer to fire me for personal use of work email

      You miss the point. The base assumption should be that your employer will know that you mailed your wife to let her know that you'll be home late.

    2. Re:Grey area: ruling makes sense by stealth_finger · · Score: 1

      For example, if I email my wife to let her know that I will be home late because of work I would not expect my employer to fire me for personal use of work email. However, if you tried to run a small business of eBay selling things through your work email then yes I would expect any employer would likely fire you for that!

      And how would you expect the employer to know you are doing either? Because they have access to your work email and the ability to look through it. For example, say you work at super company x. You email your wife to say you'll be late or to get milk, some colleagues or even friends about non work related matter. Not really a big deal unless you take the piss. Now say rival company y comes to you and wants some trade secrets in exchange for bags of cash, you wouldn't dream of sending that from your work email would you? Obviously not because you already know that's not your email address and they have complete access. Now if you emailed the secrets from within work but from your own actual personal account they would have a lot harder time knowing what you were up to and no real right to access unless they had substantial other proof and went through a court.

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
  16. Set expectations by Anonymous Coward · · Score: 0

    My current employer notifies new employees that all traffic over the network may be monitored and all email or communications on the company's systems are monitored.

    They actually aren't, but it protects them from issues like this if they do choose to monitor some systems.

    I assume that this is what will happen in Europe.

    1. Re:Set expectations by Anonymous Coward · · Score: 0

      Blanked monitor statements are not allowed in Europe.
      In Europe you can not sign away your rights.

  17. It's called Freedom by WillAffleckUW · · Score: 1

    and Liberty

    both of which are lacking in America, but still exist in the EU

    --
    -- Tigger warning: This post may contain tiggers! --
  18. Oddly Enough.. by agrisea · · Score: 1

    Back in the years of the BBS, system owners/operators had to display a message to their users when they logged in about the Electronic Communication Privacy Act of 1986 and specifically say if they could in fact guarantee the user's privacy for email, chat logs, etc. I am not able to find the exact text that was displayed, sorry.

    --
    Agrisea Tsunami - Epyc Servers... https://agrisea.net/products
  19. Email? IM? by nine-times · · Score: 3, Interesting

    From the summary, I had assumed that this was a standard case of a company accessing a person's email that was sent through that company's own mail server. I was pretty much ready to side with the employer. If you send an email through your company's mail server, you should expect that someone might view that email. Even if the employer isn't snooping, there are any number of reasons why someone at the company may need to review your work emails. However, the article states:

    The company had presented Barbulescu with printouts of his private messages to his brother and fiancée on Yahoo Messenger as evidence of his breach of a company ban on such personal use.

    So that makes it sound like this guy was using a personal Yahoo Messenger account. So that kind of takes me in the other direction, in favor of the employee's right to privacy. As a general rule, I don't think that your company should have the right to access your personal email/IM accounts, even if you happen to access them on work devices.

    However, that doesn't really explain how they got access to his chats, unless they were stored on his work computer. I don't feel comfortable saying that a company shouldn't be allowed to review the contents of a company-owned computer. And this is further complicated by the fact that the employee stated, in writing, that the account was being used solely for work purposes. In that case, I could see an argument that the account is a work account, not a personal account, and so the employer should be allowed to access it.

    In any case, I think there's some space between "what an employer should be legally allowed to do" and "what an employer should do". Even if employers can spy on employees and review private email, they should try to avoid reading anything that's not business related.

  20. Re:Email? IM? by thegarbz · · Score: 1

    So that makes it sound like this guy was using a personal Yahoo Messenger account. So that kind of takes me in the other direction, in favor of the employee's right to privacy. As a general rule, I don't think that your company should have the right to access your personal email/IM accounts, even if you happen to access them on work devices.

    Work devices are work devices. You want a personal device, carry a personal device. I don't side with the employee in this case. IT security involves dealing with threats and sometimes those threats can be internal as well.

    That said either side of an argument is usually painted in rose. The reality is probably:

    a) the guy was caught transmitting something sensitive.
    b) the guy was seriously slacking off and spending half the day on personal stuff.
    c) the guy was toxic to the company and they were looking to any reason to get rid of him.

    However, that doesn't really explain how they got access to his chats

    10 years ago security wasn't high on anyone's agenda. There certainly was little to no talk about encryption. Maybe the transparent proxy caught all the MITM-SSL traffic as is pretty standard on a company PC.

  21. Re:Email? IM? by dissy · · Score: 1

    So that makes it sound like this guy was using a personal Yahoo Messenger account. So that kind of takes me in the other direction, in favor of the employee's right to privacy. As a general rule, I don't think that your company should have the right to access your personal email/IM accounts, even if you happen to access them on work devices.

    It can be a very fine line, but as the steward of an employers data, networks, and security policy, IT staff are between a rock and a hard place here.

    The company is legally responsible for vetting contractually and/or legally burdened data from leaving any internal compartmentalized or secured areas to outside networks such as the Internet.

    There is really only two ways to do this.
    A) Monitor the data egressing the network, or
    B) Disallow any and all types of general network access that would permit this in the first place.

    As a technology advocate myself, I would much prefer the option of simply treating all employees as trusted adults capable of such restrictions and care on their own.
    However not only do the lesser technologically inclined not always have the knowledge or skills to do this even when it is their intent, but the fact is there does exist bad actors that for whatever reasoning are actively going to try and harm you for their gain.
    For this reason it falls upon us to practically guarantee the protection of the companies data and information.

    Personally I know I would absolutely hate and despise operating under work conditions where all of the company resources are locked down and restricted to the point of not being useful, such as a whitelist of vendors and customers for email and websites, or those simply blocked entirely.

    On the other hand, I know if I went to my boss to present this as a problem needing a solution applied, and gave the two options above... He very likely wouldn't share my opinions on the moral downsides of option "B", and would very likely see it as the simplest, cheapest, and best option to solve the problem.
    And while this wouldn't apply to my current boss, I have in the past worked for people who would immediately question why I am even presenting such a thing as a problem to them in the first place, since to them option "B" would be the glaringly obvious only answer, and "shame on me" for not recognizing that "fact".

    In the end I very much worry laws like these will less protect an employees privacy and more simply force companies to block any and all such privileges in the first place, both to meet their other legal and contractual obligations as well as to head off any more removal of things they can or can't do with their own property.

  22. Re:Email? IM? by Teun · · Score: 1

    I'm not 100% sure but believe to remember from a few years ago when this thing was in another court that he was using a company account designated for client contact to communicate with his family.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  23. Re:Email? IM? by nine-times · · Score: 1

    The company is legally responsible for vetting contractually and/or legally burdened data from leaving any internal compartmentalized or secured areas to outside networks such as the Internet.... In the end I very much worry laws like these will less protect an employees privacy and more simply force companies to block any and all such privileges in the first place

    Yeah, it is a bit complicated. The need for security varies from industry to industry, and business to business. In many cases, the best option is just to treat employees as trusted adults. Or more to the point, to deal with the need to secure data on a different level, preventing employees from accessing it in the first place rather than trying to police what they do with it. That's generally a better approach, since once the data is available to people, they might find some way to share it.

    There's also the question of what level, and to what extent, you want to monitor or control user access. For example, are you just monitoring that some HTTPS traffic went to some site, or are you introducing some kind of proxy that's performing a MITM attack so that you can see the content of the traffic? Are you trying to blacklist a few sites, or instead block everything and only whitelist a few sites?

    I don't think there's a correct answer, but you have to tailor the security to your needs. There may be a middle ground, e.g. block all IM but the employer-approved IM, and then have that traffic monitored and archived. That way, you make it clear to the employees that this is a company-owned service, and communications are not private. I think setting up a MITM monitoring system is worse, since it gives people the illusion that their traffic might be private.

  24. In Germany .. by Foppel · · Score: 1

    In Germany (part of the EU) the ruling is like this:
    An employer has to tell the employee (ideally based in the contract) if company e-mail and equipment is for business use only. This has to be true for all employees.

    If an employer does not provide that Information ruling states that the employer has to accept that e-mail and equipment is used for personal matters. The only question here is how much - as in if the employee manages to fullfill his 8 hours of work per day and lets say adds 1 hour personal use.

    The tricky part is this:
    If the employer allows private usage of e-mail/equipment he becomes a de-facto service provider and has to yield to the law of privacy of correspondence - which means he is not allowed the secretly access equipment or read the e-mail, even if business related

    If the employer rules that e-mail and equipment is for business only (s)he can legally read e-mails and access equipment without the employees knowledge.

    An additional tricky part is if an employer decides later to cut down on it the employees could claim a right of custom and practice which means it could take months or years before all machines, e-mails and such are clean of private usage. only then the employer would be able to legally access the e-mail or equipment.

    Last, but not least, the European Court in question was the Euorpean Court of Human Rights, not the court dealing with the European Union. The participating countries have promised to yield to the rulings in their own private matters, but the ruling limited application as the Court is not part of any justice or executive system in any country of the european union (and more). So it is a court without teeth.